...
security:securityType is the global type that defines the security requirements of an application with respect to the mapping of J2EE roles to Principals.
```xml
<xsd:complexType name="securityType">
  <xsd:sequence>
    <xsd:element name="description" type="security:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
    <xsd:element name="default-principal" type="security:default-principalType"/>
    <xsd:element name="role-mappings" type="security:role-mappingsType" minOccurs="0"/>
  </xsd:sequence>
  <xsd:attribute name="doas-current-caller" type="xsd:boolean" default="false"/>
  <xsd:attribute name="use-context-handler" type="xsd:boolean" default="false"/>
  <xsd:attribute name="default-role" type="xsd:string"/>
</xsd:complexType>
```
...
security:default-principalType is a sequence of an optional description, a choice of principal, login-domain-principal or realm-principal, followed by a sequence of named-username-password-credential elements.
```xml
<xsd:complexType name="default-principalType">
  <xsd:sequence>
    <xsd:element name="description" type="security:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
    <xsd:choice>
      <xsd:element name="principal" type="security:principalType"/>
      <xsd:element name="login-domain-principal" type="security:loginDomainPrincipalType"/>
      <xsd:element name="realm-principal" type="security:realmPrincipalType"/>
    </xsd:choice>
    <xsd:element name="named-username-password-credential" type="security:named-username-password-credentialType" minOccurs="0" maxOccurs="unbounded"/>
  </xsd:sequence>
</xsd:complexType>
```
...
security:principalType defines an authenticated principal.
```xml
<xsd:complexType name="principalType">
  <xsd:sequence>
    <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
  </xsd:sequence>
  <xsd:attribute name="class" type="xsd:string" use="required"/>
  <xsd:attribute name="name" type="xsd:string" use="required"/>
  <xsd:attribute name="designated-run-as" type="xsd:boolean" default="false"/>
</xsd:complexType>
```
...
security:loginDomainPrincipalType extends security:principalType.
```xml
<xsd:complexType name="loginDomainPrincipalType">
  <xsd:complexContent>
    <xsd:extension base="security:principalType">
      <xsd:attribute name="domain-name" type="xsd:string" use="required"/>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>
```
...
security:realmPrincipalType extends security:loginDomainPrincipalType.
```xml
<xsd:complexType name="realmPrincipalType">
  <xsd:complexContent>
    <xsd:extension base="security:loginDomainPrincipalType">
      <xsd:attribute name="realm-name" type="xsd:string" use="required"/>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>
```
...
security:named-username-password-credentialType defines a named username/password credential.
```xml
<xsd:complexType name="named-username-password-credentialType">
  <xsd:sequence>
    <xsd:element name="name" type="xsd:string"/>
    <xsd:element name="username" type="xsd:string"/>
    <xsd:element name="password" type="xsd:string"/>
  </xsd:sequence>
</xsd:complexType>
```
...
Note that ideally we want to map to DomainPrincipals or RealmPrincipals. This type of mapping is not supported in Geronimo M5 or earlier milestones; the only mappings available in M5 and before are principalType mapping and dn mapping.
```xml
<xsd:complexType name="roleType">
  <xsd:sequence>
    <xsd:element name="description" type="security:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
    <xsd:element name="realm-principal" type="security:realmPrincipalType" minOccurs="0" maxOccurs="unbounded"/>
    <xsd:element name="login-domain-principal" type="security:loginDomainPrincipalType" minOccurs="0" maxOccurs="unbounded"/>
    <xsd:element name="principal" type="security:principalType" minOccurs="0" maxOccurs="unbounded"/>
    <xsd:element name="distinguished-name" type="security:distinguishedNameType" minOccurs="0" maxOccurs="unbounded"/>
  </xsd:sequence>
  <xsd:attribute name="role-name" type="xsd:string" use="required"/>
</xsd:complexType>
```
...
Type security:distinguishedNameType
```xml
<xsd:complexType name="distinguishedNameType">
  <xsd:sequence>
    <xsd:element name="description" type="security:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
  </xsd:sequence>
  <xsd:attribute name="name" type="xsd:string" use="required"/>
  <xsd:attribute name="designated-run-as" type="xsd:boolean" default="false"/>
</xsd:complexType>
```
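As an added example (not part of the original page or of Geronimo itself), the following Python reads a constructed security element shaped by the securityType, roleType and principal types above, enforces the attributes the schema marks use="required", and lists the settings a deployer should confirm are intentional (doas-current-caller, default-role, plaintext credentials, designated-run-as principals). The nesting of role elements under role-mappings and the omitted namespace prefix are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed sample instance of securityType (not from the page). Assumed:
# role-mappings wraps <role> elements of roleType; namespace prefix omitted.
SAMPLE = """<security doas-current-caller="true" default-role="guest">
  <default-principal>
    <principal class="org.example.AnonPrincipal" name="anonymous"/>
    <named-username-password-credential>
      <name>backend</name><username>svc</username><password>changeit</password>
    </named-username-password-credential>
  </default-principal>
  <role-mappings>
    <role role-name="admin">
      <realm-principal realm-name="corp" domain-name="ldap" class="org.example.Group" name="admins"/>
      <principal class="org.example.User" name="alice" designated-run-as="true"/>
    </role>
  </role-mappings>
</security>"""

REQUIRED = {  # attributes the XSD marks use="required" on each roleType child
    "realm-principal": ("class", "name", "domain-name", "realm-name"),
    "login-domain-principal": ("class", "name", "domain-name"),
    "principal": ("class", "name"), "distinguished-name": ("name",)}

def parse_roles(xml_text):
    # Returns {role-name: [(element kind, name)]}; rejects plans that drop a
    # required attribute, as a validating parser would.
    roles = {}
    for role in ET.fromstring(xml_text).iter("role"):
        members = []
        for kind, attrs in REQUIRED.items():
            for el in role.findall(kind):
                missing = [a for a in attrs if a not in el.attrib]
                if missing:
                    raise ValueError(f"{kind} is missing {missing}")
                members.append((kind, el.get("name")))
        roles[role.attrib["role-name"]] = members  # KeyError if role-name absent
    return roles

def review(xml_text):
    # Settings a reviewer should confirm are intentional before deployment.
    root, findings = ET.fromstring(xml_text), []
    if root.get("doas-current-caller") == "true":
        findings.append("doas-current-caller is enabled")
    if root.get("default-role"):
        findings.append(f"default-role={root.get('default-role')!r} is set")
    for cred in root.iter("named-username-password-credential"):
        findings.append(f"plaintext password in credential {cred.findtext('name')!r}")
    for el in root.iter():
        if el.get("designated-run-as") == "true":
            findings.append(f"{el.tag} {el.get('name')!r} is designated-run-as")
    return findings
```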
...
security:descriptionType allows a description to be inserted in any other element. This type extends the schema string type with a reference to the global xml:lang attribute.
```xml
<xsd:complexType name="descriptionType">
  <xsd:simpleContent>
    <xsd:extension base="xsd:string">
      <xsd:attribute ref="xml:lang"/>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>
```
...